Data Protection Information

Data protection information

When EU’s General Data Protection Regulation (GDPR) enters into force, this data protection information will replace our previous register descriptions. In accordance with the GDPR, we wish to inform those who use our services and website (below “customer”) of the manner in which we process personal information in a concise, transparent, easily understandable manner, by using clear and simple language. If you have any questions about the information presented below or the manner in which we take care of data protection, please do not hesitate to contact us.

You can send any questions regarding this document to our Data Protection Officer Marketta Korhonen, for contact information see www.yritysvantaa.fi

3. Our registers of personal information

We process personal information about our customers for different purposes and therefore partly in different registers.

4. Purpose and legal basis for processing personal information

We process personal information primarily in order to take care our customer relations but for reporting and statistics as well and for informing about our operations and for their marketing. We process information in order to fulfil a contract (business consultancy), our legal obligations, based on legitimate interest (reporting and statistics) and based on consent (marketing). We may also send our customers customer feedback enquiries, the results of which we use in order to develop our operations.

As a whole, it can be said that our legitimate interest above all deals with spreading information about our operations, the development of our operations and the maintenance of well-functioning co-operation networks.

5. Groups of personal information

When offering advice on establishing a company, we may process the following information about our customers:

Name
Home address
Telephone number
E-mail address
Business concept/Business ID

The above mentioned information will be entered in the Ajas system, when an appointment is booked. From there it will be transferred to the Nestor customer information system.

When meeting the customer for the first time, we will add the following information to our register:

Gender
Year of birth
Domicile (municipality)
Nationality
Language used
Education class
Employment situation
Where the customer has heard of EnterpriseVantaa’s services

If the company is already operational, its business ID, registration date and contact information, which are transferred automatically from the Business Information System (YTJ).

In addition, we make notes about the meeting with the customer and the business concept, any expert sources and the customer’s business plan.

Customers register for EnterpriseVantaa’s events through the Lyyti service, which may also be used for communications about events. In connection with the registration, we ask the customer’s name, e-mail address and other details in connection with the event that are necessary for arranging it. We may request feedback about the event by e-mail, the Lyyti system or with some other corresponding tool. It is also possible to register for some of the events directly, for example by sending e-mail to our customer advisor.

6. Sources of information

We basically get the information that we process from the customer. On the other hand, e.g. our personnel uses public sources of information when necessary (e.g. Finnish Patent and Registration Office (PRH) and YTJ). If the customer already has a business ID, the information about the company (registration date, contact information and standard industry classification) is transferred to our systems from the YTJ. When a customer has established or wound up a company, said information is transferred to our registers from the Trade Register maintained by PRH. When necessary, we receive information (and inform the customer about this) from different interest groups (e.g. TE Offices, Finnvera and our experts).

7. Those receiving and processing personal information

If the customer so wishes, he or she may give consent to becoming member of a local association of the Federation of Finnish Enterprises, in which case customer information is transferred to the Federation of Finnish Enterprises.

In addition, information and the business concept may be processed for taking measures that the customer’s needs call for together with the TE Office, Finnvera, our experts or other corresponding actors.

We use our service providers’ systems in order to serve our customers. Consequently, our customers’ information may be processed at least in the following services: booking appointments, and Lyyti (registration for events, remainders and feedback inquiries).

8. Transfer of information

We do not transfer information outside the EU or EEA.

9. Consent for marketing

If the customers so wish, they may join EnterpriseVantaa’s mailing list by giving a written consent on the customer information form. If a person living in the EnterpriseVantaa’s main area of operation (Vantaa) has downloaded the Entrepreneur Guide from the www.perustamisopas.fi website and given a marketing consent, his or her e-mail address is added to EnterpriseVantaa’s mailing list. We may occasionally also send other material on entrepreneurship to our customers by mail.

10. Storing of personal information

We process personal information based on the purpose of its use and the time needed. We wish to remind that, e.g. the reporting and statistics obligations that bind us may require the storing of data even after business consultancy has ended. In addition, the customers should understand that we may, as necessary, save information that is essential with regard to statistics in such a manner that the customer may not directly or indirectly be identified on the basis of it.

11. Principles for protecting the processing of personal information

The main principle is that we process our customers’ personal information in protected information systems, where the right of use requires, e.g. a user ID and a password. User rights are granted to persons who are employed by the controller and to whose position and tasks said right is related. When using electronic communications (e.g. e-mail), we take the required measures for securing a sufficient data protection level. We store our customer information forms in locked premises.

12. Rights of the registered person

Right of access to the personal information:

a customer may contact us and check the information that we have stored about him or her

Right to correct information:

even though we always try to make sure that the information is intact and up-to-date, a customer may contact us and request that incorrect information is corrected

Right to erase information:

if the purpose of use is no longer valid and the customer has, for instance, cancelled his or her consent to a certain purpose of processing information, we will erase the information and the customer also has the right to require this of us

Right to restrict processing:

a customer may contact us and check the information that we have stored about him or her

Right to object:

we have created mechanisms with which our customers may object to the processing of their personal information, and we also wish to remind that, to the extent that the processing is based on consent (regarding marketing, for instance), our customers always have the right to freely cancel their consent

Right to transfer information between systems:

customers may contact us if they need their information in other systems than ours, and we will try to deliver the information in such a manner that it may be transferred to another system

13. Other considerations

Even though we try to act in accordance with the GDPR, for instance, a customer may always contact our Data Protection Officer or lodge a complaint with the supervisory authority.

When collecting information, we try to explain to our customers which information is voluntary and which information is compulsory. Basically, at least the information listed above is necessary for us so that we can provide business consultancy or other services (in order to fulfil the obligations based on contract or law).

We do not use personal information for automatic decision-making (including profiling).